What to know on internet privacy policy

Internet Privacy Policy: What to Know

A Privacy Policy is a written statement of all the steps a company or organization must take to ensure that its customers or users are safe and used appropriately with the data that has been collected in the commercial relationship. In addition, the Data Protection Statement provides information on how data is collected, stored and used and whether, or how, it is transmitted to third parties.

What the law says

The law is designed to protect sensitive data from users as well as website administrators from any violation. For example, the so-called “computer and freedoms” law deals with personal data in particular in Article 34, where it is stipulated that “the processor is required to take all necessary precautions, given the nature of the data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent it from being distorted, damaged, or from having unauthorized third parties have access to it.”

Note the non-compulsory aspect of the law (“is required”), which still encourages actors to read it. These conditions are primarily aimed at securing the sites and avoiding possible trouble caused by unscrupulous Internet users. On the other hand, failure to comply with this duty of security is punishable by law. For this reason, it is recommended that all site administrators write the terms and conditions of their site.

While the role of data collection on online shops is easily understandable and the need for the data protection statement obvious, the situation is completely different for many other websites. Many data are collected and recorded automatically and often, without the user’s knowledge: web servers record IP addresses in log files, built-in social media buttons transmit personal data to social networks, and cookies also back up information about users and their browsing behavior. Another even hotter topic is website analytics tools like Google Analytics, which records data traffic. The Google tool is particularly problematic from the point of view of the data protection law, because the IP address of users is stored on a server in the United States.

In order to at least partially mitigate this problem, website users can shorten the IP address of the latest set of numbers, resulting in the loss of personal data.

What are the standards?

The privacy policy must be clear and neat. Although they are unique to each individual, some topics need to be addressed, such as:

  • The purpose of the privacy policy: what are their objectives?
  • Legal mentions: these are mandatory and have been addressed in the article of the same name
  • Access to the site: how to use it
  • Intellectual property rules: a ban on copying the content of the site without citing the source
  • Personal data rules: This is your statement to the CNIL, which is responsible for protecting your data
  • Responsibility: This party determines and delineates the responsibilities of each party

The special case of e-commerce sites

As mentioned earlier, online shops are particularly targeted by this regulation. They are encouraged to draft terms and conditions of sale to clarify the responsibility of each party in the transactions.

Many websites offer templates but also more resources for your terms and privacy policy. These sites will allow you not to commit a stalemate.

Here is a general conditions generator (paying) that can help you: Termsfeed.

Generators and templates are a good way to write a data protection statement for your own website. However, you should also not blindly trust the result. Models represent a base that often needs to be modified individually. If this sounds too complicated to you or if you are not sure that your data protection statement is correct and understandable, we recommend that you receive expert advice.

What are the penalties?

If these data protection obligations are not met, the penalties vary, ranging from a simple warning to a five-year prison sentence and a $200,000 dollars fine.

To illustrate this point, we could cite the case of the site entreparticuliers.com. The site had been the subject of a complaint by a client whose data had been disclosed without his consent. The CNIL was then seized and found that the web page had not defined any policy for the retention of all data, giving way to malfunctions with regard to banking information. Following this complaint, the CNIL issued a public warning and demanded compliance with the computer law and freedoms.

It is also to be expected that the still incoherent legal interpretation will soon come to an end, as soon as the new General Data Protection Regulation (GDPR) is incorporated as a basis factor in future legal decisions. The regulation not only limits the scope of the scope in terms of reporting obligations for data protection and formulation, but also increases the scope of possible fines up to 20 million euros or 4% of annual turnover worldwide (the highest amount being withheld).

Tips for data protection reporting: models and generators

On the Internet, you’ll find many free offers that help you create the data protection statement for your website. Look for existing models that are relevant to your site. There are both ready-to-use models for the general statement regarding the collection and protection of users’ data as well as special categories such as social networks (Facebook, Twitter, etc.), cookies, contact forms or sending newsletters. In this way, you also receive the data protection statement for Google Analytics or other analysis tools in form form, including a link for all users who do not agree with the collection and transmission of their data.

In addition to various examples, some websites also offer free data protection statement generators, examples of required texts and their shaping. The result is often available as text and HTML.

Models and generators are a good way to write your own website’s privacy policy. However, the result should not be relied upon blindly. Although the models form the basis, they often need to be modified and completed individually. If you are not sure that your data protection statement is complete and correct, we also recommend that you seek the advice of a legal expert.

Leave a Reply

Your email address will not be published. Required fields are marked *